Manager Governance Risk and Compliance

WHY UT SOUTHWESTERN?
With over 75 years of excellence in Dallas-Fort Worth, Texas, UT Southwestern is committed to excellence, innovation, teamwork, and compassion. As a world-renowned medical and research center, we strive to provide the best possible care, resources, and benefits for our valued employees. Ranked as the number 1 hospital in Dallas-Fort Worth according to U.S. News & World Report, we invest in you with opportunities for career growth and development to align with your future goals. Our highly competitive benefits package offers healthcare, PTO and paid holidays, on-site childcare, wage, merit increases and so much more. We invite you to be a part of the UT Southwestern team where you'll discover a culture of teamwork, professionalism, and a rewarding career!

JOB SUMMARY
Works under general supervision of the Assistant Vice President, Information Security to develop, implement, and operationalize the Information Security governance and risk management functions to ensure the Program is compliant with established security controls frameworks, regulatory and legal requirements, policies, and standards. Ensures that Information Security risk to the institution is appropriately managed. Subject matter expert on mature security governance structures and processes, risk management processes (enterprise and third party), and contractual, regulatory compliance requirements. Leads and executes enterprise-wide security assessments and strategic projects to mature the Program.

Develop and maintain productive working relationships with senior leadership, corporate compliance, internal and other key stakeholders to assist in achieving governance, risk and compliance goals and objectives. Coach, mentor, and train team members to establish a consistent level of quality, accuracy, and accountability for the information security program. Lead and guide strategic governance, risk, and compliance functions across multiple lines of business: health system, research, and academic affairs departments.

THIS IS A HYBRID POSITION - MUST LIVE IN THE DFW METRO AREA TO COME INTO THE OFFICE WEEKLY

UNABLE TO PROVIDE VISA SPONSORSHIP

BENEFITS
UT Southwestern is proud to offer a competitive and comprehensive benefits package to eligible employees. Our benefits are designed to support your overall wellbeing, and include:

• PPO medical plan, available day one at no cost for full-time employee-only coverage
• 100% coverage for preventive healthcare-no copay
• Paid Time Off, available day one
• Retirement Programs through the Teacher Retirement System of Texas (TRS)
• Paid Parental Leave Benefit
• Wellness programs
• Tuition Reimbursement
• Public Service Loan Forgiveness (PSLF) Qualified Employer
• Learn more about these and other UTSW employee benefits!

EXPERIENCE AND EDUCATION
Required

• Education
  Bachelor's Degree with major coursework in computer science, math, information systems, or other related field
  
  

• Experience
  8 years progressively responsible information Security experience 

• Licenses and Certifications
  Certified Information Security Manager (CISM) within 1 Year or
  Certified in Risk and Information Systems Control (CRISC) within 1 Year

JOB DUTIES

• Develop and maintain productive working relationships with senior leadership, corporate compliance, internal and other key stakeholders to assist in achieving governance, risk and compliance goals and objectives.
• Coach, mentor, and train team members to establish a consistent level of quality, accuracy, and accountability for the information security program.
• Lead and guide strategic governance, risk, and compliance functions across multiple lines of business: health system, research, and academic affairs departments.
• Implements established risk frameworks for the Institution‿s Information Security program.
• Establishes and operationalizes formal security risk assessment frameworks to quantify and qualify risk including for third-party vendor risk, technology procurement and internal security controls. Leads and executes enterprise-wide security assessments and strategic projects to mature the Program.
• Tracks information security audit findings, coordinates the creation of audit deliverables and ensures audit compliance. Ensures Information Security Program compliance with established security controls framework, and regulatory and legal requirements, policies, and standards.
• Develops key performance and key risk indicators for Information Security Program maturity and operational and executive reporting.
• Responsible for establishing and maintaining information security policy, governance, and compliance protocols for the institution.
• Interfaces with departments, Information Resources, third-party vendors, and business partners to identify areas of risk and assist with development of plans to establish and maintain ongoing compliance.
• Assists with various Information Security projects. Stay up to date with regulatory changes, modern technology & security controls, and practices.
• Guide and support team in executing compliance assessments in accordance with HIPAA, PCI, NIST, and other applicable regulatory and industry standards.
• Performs other duties as assigned.

SECURITY AND EEO STATEMENT
Security
This position is security-sensitive and subject to Texas Education Code 51.215, which authorizes UT Southwestern to obtain criminal history record information. To the extent this position requires the holder to research, work on, or have access to critical infrastructure as defined in Section 113.001(2) of the Texas Business and Commerce Code, the ability to maintain the security or integrity of the critical infrastructure is a minimum qualification to be hired and to continue to be employed in the position.

EEO Statement
UT Southwestern Medical Center is committed to an educational and working environment that provides equal opportunity to all members of the University community. As an equal opportunity employer, UT Southwestern prohibits unlawful discrimination, including discrimination on the basis of race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, age, disability, genetic information, citizenship status, or veteran status.